Read their whitepaper - the RAM contents are available for between about 5 and 25 seconds depending on the type of RAM used. Freezing the RAM allows the contents to be preserved for longer periods.
So, as long as you shut down your machine and keep it secure for the next 30 seconds (let's say 60 seconds to be safe) you should be fine. If you hibernate your machine, but require some additional user input to restore RAM contents, then you should be fine to, as the attacker can't just turn the machine back on. Cheers Ken -----Original Message----- From: Ben Scott [mailto:[EMAIL PROTECTED] Sent: Tuesday, 26 February 2008 10:49 AM To: NT System Admin Issues Subject: Re: FYI: Security boffins unveil BitUnlocker On Mon, Feb 25, 2008 at 6:22 PM, Ken Schaefer <[EMAIL PROTECTED]> wrote: > The key isn't in RAM available to be stolen if the machine is off. The article in question asserts that in some cases, it actually can be. To quote, "... researchers show that data is vulnerable because encryption keys and passwords stored in a computer's temporary memory -- or RAM -- do not disappear immediately after losing power." It remains to be seen exactly how practical this attack is. But if proves out that DRAM, widely thought to be volatile storage (contents lost on power-off), is actually non-volatile in practical situations, this will be a Very Big Deal. -- Ben ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
